All articles

ALL SIEM STRATEGY SECURITY ANNOUNCEMENT DEPLOYMENT COMPLIANCE COMPARISON RSS

April 1, 2020

How a centralized log collection tool can help your SIEM solutions

IT security should be one of the main focus points of all enterprises. In today’s world, when digital transformation is taking place at an unprecedented pace, securing online data is vital for all kinds of businesses. This is why most companies are utilizing SIEM (Security Information and Event Management) solutions that help them identify threats before they can do any harm. Even though SIEM tools are perfect for event correlation and analytics, it is not part of their core functionality to manage log collection, filtering, distribution, and formatting.

March 3, 2020

Sending ETW Logs to Splunk with NXLog

NXLog supports direct collection of Event Tracing for Windows (ETW) data. DNS Analytical logs, for example, can be forwarded to Splunk or another SIEM for monitoring and analysis. Collecting ETW Logs Event Tracing for Windows (ETW) is a kernel-level tracing facility that provides high-performance logging of kernel and application events. ETW events can be written to a log file or collected directly from the system in realtime via the Consumers API.

February 3, 2020

Insufficient logging and monitoring, TOP 10 security risk

"The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications." In this article these top security risks discussed in the context of log collection. OWASP API security top 10 most critical API security risks APIs are a critical part of modern technologies - from SaaS and web consumer applications to enterprise deployments.

January 24, 2020

What is File Integrity Monitoring (FIM)? Why do you need it?

About File Integrity Monitoring (FIM) File integrity monitoring is implemented as a detection mechanism to monitor changes to important files and folders. File integrity monitoring is largely used as a security measure for detection and for meeting obligations such as compliance. By using file integrity monitoring, better control measures can be taken due to being able to track and provide data for alerts of activities on assets that are being monitored, such as potential unauthorized changes.

October 22, 2019

Agent-based versus agentless log collection - which option is best?

One of the harder decisions revolve around implementing agent-based vs agentless log collection. This post covers the two methods - their advantages and disadvantages - and provides some quick and actionable implementation notes. Why does log collection agent choice matter? When deploying a log collection strategy, administrators usually tend to zone in on already selected solutions that answers fundamental questions, such as "Will this solution collect and ship these types of log sources?

December 17, 2018

Making the most of Windows Event Forwarding for centralized log collection

Windows Event Forwarding (WEF) provides log centralization capabilities that are natively supported in Windows-based systems. It is straightforward to set up since it is already built into Windows, and only a few pre-requisites are required, such as having a dedicated event server with a group policy object (GPO). Despite its ease of use and native support, WEF has some limitations. This post covers the advantages of using Windows Event Forwarding for centralized log collection, followed by limitations of WEF and its subsequent solutions.

All articles

Featured posts

Categories

All articles

Sign up

Featured posts

Categories